Trying to set up a home network

NoelDP

Three-Toed Sloth
Vista Guru
Hmm - please run Farbar again, and we'll see if anything has changed.
 

My Computer

System One

  • Manufacturer/Model
    Acer Aspire 8930G
Farbar Service Scanner Version: 25-02-2014
Ran by The Big Kahuna (administrator) on 02-03-2014 at 08:00:46
Running from "G:\Torrents"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 05:15] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 

My Computer

NoelDP

Three-Toed Sloth
Vista Guru
Hmm - no change there. :(
Let's get Defender set properly -
Open an Elevated Command Prompt, and run the following command

SC CONFIG WinDefend start= manual

This is the normal setting for when MSE is installed, since MSE includes its own version of the app.

Now let's see if there's anything in the Event Viewer that tells us what's going on..


Open Event Viewer
click on the Windows logs entry in the left pane to expand it.


Now click on the Application entry - wait while it loads.


Click on 'File' in the menu bar and select Save...

Save the file as Appevt.evtx

Repeat for the System log

then zip both, and upload them.


 

My Computer

Attachments: Sysevt.zip, Appevt.zip

I'm not sure if the zipping process went OK. "7-Zip" got hung up at 99% with both files.

Also problem with the SC CONFIG WinDefend start= manual.
It wouldn't accept a space after the = sign but SEEMED to run after I deleted the space. Here's a copy and paste:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>SC CONFIG WinDefend start= manual

ERROR: Invalid start= field

DESCRIPTION:
Modifies a service entry in the registry and Service Database.
USAGE:
sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
A space is required between the equal sign and the value.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>

C:\Windows\system32>SC CONFIG WinDefend start=manual
DESCRIPTION:
Modifies a service entry in the registry and Service Database.
USAGE:
sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
A space is required between the equal sign and the value.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>

C:\Windows\system32>
 

My Computer

NoelDP

Three-Toed Sloth
Vista Guru
My fault - the Control Panel describes it as 'Manual' while the SC command needs the more correct 'demand' descriptor.

This command should work..

SC CONFIG WinDefend start= demand

(I always seem to need two bites at the cherry with the SC subcommands! :( - sorry!)
 

My Computer


NoelDP

Three-Toed Sloth
Vista Guru
Here's what I managed to pick out of the Event logs...

The service Lbd failed to start - (no reason)

The IPsec Policy Agent service (amongst others) depends on the Base Filtering Engine (BFE) service which failed to start because of the following error: Access is denied

The Remote Access Connection Manager service depends on the Telephony service (TapiSrv) which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



The Lbd service is a fag-end from Ad-Aware :(

Please run the following commands in an Elevated Command Prompt to get rid of it, and find a little more information about the BFE and TapiSrv services...



REG QUERY HKLM\System\CurrentControlSet\Services\TapiSrv /S
REG QUERY HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

REG DELETE HKLM\System\CurrentControlSet\Services\Lbd /f


Note: you may get an error in permissions on the last one - let me know and we'll deal with it the hard way :)


reboot, and run another Farbar scan - post the results.
 

My Computer

Ha! No problem, but that only makes it 99 pints of Allbright I owe you.

OK, I think that went OK. (I uninstalled that 7-zip, don't even know where it came from)

PS Let me read that last post
OK, I'll run the REG stuff and report back
 


My Computer

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\System\CurrentControlSet\Services\TapiSrv /S

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv
DisplayName REG_SZ Telephony
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k NetworkSe
rvice
Start REG_DWORD 0x4
Type REG_DWORD 0x20
Description REG_SZ @%SystemRoot%\system32\tapisrv.dll,-10101
DependOnService REG_MULTI_SZ PlugPlay\0RpcSs
ObjectName REG_SZ NT AUTHORITY\NetworkService
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege\0SeChangeNotifyPrivil
ege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0
SeAssignPrimaryTokenPrivilege
FailureActions REG_BINARY 80510100000000000000000003000000140000000100
0000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\tapisrv.dll
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv\Performance
Close REG_SZ CloseTapiPerformanceData
Collect REG_SZ CollectTapiPerformanceData
Library REG_SZ tapiperf.dll
ObjectList REG_SZ 1150
Open REG_SZ OpenTapiPerformanceData
InstallType REG_DWORD 0x1
PerfIniFile REG_SZ tapiperf.ini
First Counter REG_DWORD 0x738
Last Counter REG_DWORD 0x74a
First Help REG_DWORD 0x739
Last Help REG_DWORD 0x74b

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv\Security
Security REG_BINARY 010014808C00000098000000140000003000000002001C0001
00000002801400FF010F0001010000000000010000000002005C000400000000001400FD01020001
010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D
010200010100000000000504000000000014009D0102000101000000000005060000000101000000
00000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv\Enum
0 REG_SZ Root\LEGACY_TAPISRV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1


C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Svchost
ERROR: Invalid syntax.
Type "REG QUERY /?" for usage.

C:\Windows\system32>REG DELETE HKLM\System\CurrentControlSet\Services\Lbd /f
The operation completed successfully.

C:\Windows\system32>
**********************************************************************************************

Farbar Service Scanner Version: 25-02-2014
Ran by The Big Kahuna (administrator) on 02-03-2014 at 11:44:39
Running from "G:\Torrents"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 05:15] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 

My Computer

Farbar Service Scanner Version: 25-02-2014
Ran by The Big Kahuna (administrator) on 02-03-2014 at 12:10:18
Running from "G:\Torrents"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 05:15] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 

My Computer
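An added example, not part of any post in this thread: a small Python parser that reduces two Farbar Service Scanner logs to their findings and reports what changed and what is still open between scans. The sample text is constructed from lines in the scans posted above; the key names such as `WinDefend.start_type` are this example's own convention.

```python
import re

RE_NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
RE_START_TYPE = re.compile(r"^The start type of (\w+) service is (.+?)\.?$")
RE_ATTENTION = re.compile(r"^Checking (\w+): ATTENTION!=+> (.+)$")
RE_POLICY = re.compile(r'^"(\w+)"=DWORD:(\w+)$')
RE_REACH = re.compile(
    r"^(?:Attempt to access .+ returned error\. )?(.+?) is (accessible|unreachable)\.?$")

# Values that mean "nothing wrong" for a finding.
HEALTHY = {"OK", "accessible"}

# Constructed sample: a trimmed copy of the layout of the 08:00 scan.
SCAN_BEFORE = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Constructed sample: the same text with the two lines that differ in the 12:10 scan.
SCAN_AFTER = SCAN_BEFORE.replace(
    "Google IP is accessible.",
    "Attempt to access Google IP returned error. Google IP is unreachable",
).replace(
    "The start type of WinDefend service is OK.",
    "The start type of WinDefend service is set to Demand. The default start type is Auto.",
)


def parse_scan(text):
    """Map each finding in a scan log to its reported value."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_NOT_RUNNING.match(line):
            state[f"{m[1]}.running"] = "no"
        elif m := RE_START_TYPE.match(line):
            state[f"{m[1]}.start_type"] = m[2]
        elif m := RE_ATTENTION.match(line):
            state[f"{m[1]}.registry"] = m[2]
        elif m := RE_POLICY.match(line):
            state[f"policy.{m[1]}"] = m[2]
        elif m := RE_REACH.match(line):
            state[f"{m[1]}.reachable"] = m[2]
    return state


def diff_scans(before, after):
    """Return (key, old, new) for every finding whose value differs."""
    keys = sorted(set(before) | set(after))
    return [(k, before.get(k), after.get(k))
            for k in keys if before.get(k) != after.get(k)]


def still_open(before, after):
    """Findings that are unhealthy in both scans and did not change."""
    return sorted(k for k, v in after.items()
                  if before.get(k) == v and v not in HEALTHY)


if __name__ == "__main__":
    old, new = parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER)
    for key, was, now in diff_scans(old, new):
        print(f"changed  {key}: {was!r} -> {now!r}")
    for key in still_open(old, new):
        print(f"open     {key}: {new[key]!r}")
```

A finding that disappears from the later scan shows up in `diff_scans` with `None` as its new value, which is how a service that has started running would appear.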

NoelDP

Three-Toed Sloth
Vista Guru
Let's see if we can get Tapisrv running, and get some more information...

In an Elevated Command Prompt..

SC CONFIG Tapisrv start= demand
REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\BFE /S
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE /S


post the results, then reboot and wait 10 minutes.
Open Event Viewer and export new Application and System logs - compress and upload them
 

My Computer
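An added example, not part of any post in this thread: a Python parser for pasted `REG QUERY` output that rejoins lines the 80-column console wrapped and decodes a service's `Start` value into the names `SC CONFIG ... start=` accepts. The sample is constructed from the TapiSrv output posted earlier (the wrapped `Parameters` key line is made up to exercise that case); `parse_reg_query` and `service_start` are names chosen for this example.

```python
import re

# Registry Start values and the matching "sc config start=" keywords.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# "<value name> REG_<TYPE> <data>"; value names may contain spaces.
VALUE_RE = re.compile(r"^(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample based on the TapiSrv query output in the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv
DisplayName REG_SZ Telephony
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k NetworkSe
rvice
Start REG_DWORD 0x4
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ PlugPlay\0RpcSs

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TapiSrv\Param
eters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\tapisrv.dll
"""


def parse_reg_query(text):
    """Return {key path: {value name: (type, data)}} from REG QUERY output.

    Pass only the command's output: prompt and error lines after the first
    key would be mistaken for wrapped continuations. A space that fell
    exactly on a wrap boundary cannot be recovered.
    """
    keys = {}
    key = name = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("HKEY_"):
            key, name = line, None
            keys[key] = {}
        elif key is None:
            continue  # banner text before the first key
        elif m := VALUE_RE.match(line):
            name = m[1]
            keys[key][name] = (m[2], m[3])
        elif name is not None:
            # Continuation of a wrapped value: append to its data.
            typ, data = keys[key][name]
            keys[key][name] = (typ, data + line)
        else:
            # Continuation of a wrapped key path.
            values = keys.pop(key)
            key += line
            keys[key] = values
    return keys


def service_start(keys, service):
    """Decode the Start value of ...\\Services\\<service>, or None if absent."""
    suffix = "\\services\\" + service.lower()
    for key, values in keys.items():
        if key.lower().endswith(suffix) and "Start" in values:
            number = int(values["Start"][1], 16)
            return START_TYPES.get(number, f"unknown({number})")
    return None


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE)
    print("TapiSrv start type:", service_start(parsed, "TapiSrv"))
```

For the sample this reports `disabled`, the state the Event Log error about the Telephony service describes.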

I pasted the block of 3 lines into the command prompt. Then I thought, hmm, maybe I should have pasted them one by one, so that is what I did next. Here's the full printout:

00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{12c38916-82ac-4737-8f38-b6957ffebad6} REG_BINARY 01100800CCCCCCCCD802
0000000000000000020005000000780100000400020040010000080002007801000001100800CCCC
CCCC680100000000000000000200000000001689C312AC8237478F38B6957FFEBAD6040002000800
0200020000000C0002000000000000000000FFBDF9652D3B5D4EB8C6C720651FE89841D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200010000001400020002100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000920001000000
00000400000004000000180002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{4d9581d2-aef8-4993-84cd-b986ced80d42} REG_BINARY 01100800CCCCCCCCD802
0000000000000000020005000000780100000400020040010000080002007801000001100800CCCC
CCCC68010000000000000000020000000000D281954DF8AE934984CDB986CED80D42040002000800
0200010000000C000200000000000000000090994961B63C844EB95053B94B6964F341D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200010000001400020002100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000930001000000
00000400000004000000180002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc} REG_BINARY 01100800CCCCCCCCD802
0000000000000000020005000000780100000400020040010000080002007801000001100800CCCC
CCCC68010000000000000000020000000000F4BD7CBE92B1A54A94F81FB5C5EE07BC040002000800
0200010000000C0002000000000000000000FFBDF9652D3B5D4EB8C6C720651FE89841D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200010000001400020002100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000940001000000
00000400000004000000180002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{07a24961-a760-4e80-b263-6d275e1b09cb} REG_BINARY 01100800CCCCCCCCD802
0000000000000000020005000000780100000400020040010000080002007801000001100800CCCC
CCCC680100000000000000000200000000006149A20760A7804EB2636D275E1B09CB040002000800
0200010000000C0002000000000000000000000139414C56324BBC1D718048354D7C41D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200010000001400020002100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000950001000000
00000400000004000000180002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9} REG_BINARY 01100800CCCCCCCCD802
0000000000000000020005000000780100000400020040010000080002007801000001100800CCCC
CCCC68010000000000000000020000000000E2B20C5B87AB74499F1C2F22A654EEB9040002000800
0200010000000C0002000000000000000000603BB07F8D7BFA4DBADD980176FC4E1241D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200010000001400020002100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000960001000000
00000400000004000000180002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF010000003BE22C6367515C4386D7E903684AA80C060000000300000003000000010000000000
0000FFFFFFFFFFFFFFFF400100000100048C28010000340100000000000014000000020014010800
000000101800FF070F000102000000000005200000002002000000101800FF070300010200000000
0005200000002C02000000102800FF070300010600000000000550000000F14110B836FC4D57A8AE
0B7025210442844F113100102800FF07030001060000000000055000000049599D779156E555DCF4
E20EA78BEBCA7B42135600102800FF070300010600000000000550000000790978B5AFA1EDD8545E
32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8623AD9C60F181B65
B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF1BBB45EFD2B14A3B
45DB505B43270458D86B001014005000000001010000000000010000000001010000000000051300
0000010100000000000513000000
{2dd96961-5757-434f-b617-34e732517c0e} REG_BINARY 01100800CCCCCCCC0803
0000000000000000020005000000A8010000040002004001000008000200A801000001100800CCCC
CCCC980100000000000000000200000000006169D92D57574F43B61734E732517C0E040002000800
0200020000000C0002000000000000000000972CB4A3049F7246B87ECEE9C483257F66DC69BA7651
79499C8926A7B46A8327010000000100000000000000030000001000020001100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000970001000000
00000400000004000000140002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6203000000DE90F98998E7
6D4EAB767C9558292E6F00000000030000000300000083000000DC6611518C7AA74AB53395AB59FB
03400000000003000000030000000E0000003BE22C6367515C4386D7E903684AA80C080000000300
000003000000010000000080010800000000400100000100048C2801000034010000000000001400
0000020014010800000000101800FF070F000102000000000005200000002002000000101800FF07
03000102000000000005200000002C02000000102800FF070300010600000000000550000000F141
10B836FC4D57A8AE0B7025210442844F113100102800FF0703000106000000000005500000004959
9D779156E555DCF4E20EA78BEBCA7B42135600102800FF0703000106000000000005500000007909
78B5AFA1EDD8545E32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8
623AD9C60F181B65B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF
1BBB45EFD2B14A3B45DB505B43270458D86B00101400500000000101000000000001000000000101
00000000000513000000010100000000000513000000
{375fb39b-08c6-40f2-bdf2-08fa63f970a2} REG_BINARY 01100800CCCCCCCC0803
0000000000000000020005000000A8010000040002004001000008000200A801000001100800CCCC
CCCC980100000000000000000200000000009BB35F37C608F240BDF208FA63F970A2040002000800
0200010000000C0002000000000000000000972CB4A3049F7246B87ECEE9C483257F66DC69BA7651
79499C8926A7B46A8327010000000100000000000000030000001000020001100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000980001000000
00000400000004000000140002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300035000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500300036000000CA16CCDE333F4643BE1E8FB4AE0F3D6203000000DE90F98998E7
6D4EAB767C9558292E6F00000000030000000300000083000000DC6611518C7AA74AB53395AB59FB
03400000000003000000030000000E0000003BE22C6367515C4386D7E903684AA80C080000000300
000003000000010000000080010800000000400100000100048C2801000034010000000000001400
0000020014010800000000101800FF070F000102000000000005200000002002000000101800FF07
03000102000000000005200000002C02000000102800FF070300010600000000000550000000F141
10B836FC4D57A8AE0B7025210442844F113100102800FF0703000106000000000005500000004959
9D779156E555DCF4E20EA78BEBCA7B42135600102800FF0703000106000000000005500000007909
78B5AFA1EDD8545E32F4FF1BC45FFDD9E04A00102800FF0703000106000000000005500000000AD8
623AD9C60F181B65B5EBD66D2F8B7883395C00102800F40302000106000000000005500000006EBF
1BBB45EFD2B14A3B45DB505B43270458D86B00101400500000000101000000000001000000000101
00000000000513000000010100000000000513000000
{b232d62d-7510-4cff-94a1-7fa9f3353a3f} REG_BINARY 01100800CCCCCCCC3003
0000000000000000020005000000D0010000040002004001000008000200D001000001100800CCCC
CCCCC00100000000000000000200000000002DD632B21075FF4C94A17FA9F3353A3F040002000800
0200010000000C0002000000000000000000603BB07F8D7BFA4DBADD980176FC4E1241D4CDB390AF
BA41A7457C6008FF2301040000000400000010000200030000001400020001100000000000000000
00000000000000000000000000000000000000000000000000000000000000000000990001000000
000004000000040000001C0002001800000000000000180000004000460069007200650077006100
6C006C004100500049002E0064006C006C002C002D00320033003500300039000000180000000000
00001800000040004600690072006500770061006C006C004100500049002E0064006C006C002C00
2D00320033003500310030000000CA16CCDE333F4643BE1E8FB4AE0F3D6200000000FFFFFFFFFFFF
FFFF030000003BE22C6367515C4386D7E903684AA80C08000000030000000300000001000000AFA1
1B0C65573F45AF22A8F791AC775B000000000200000002000000040000004D605AC32BD21A4E91B4
68F674EE674B05000000020100000201000018000200020000000200000000000000020000000200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persi
stent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persi
stent\SubLayer


C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE
/S
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>
 


Farbar Service Scanner Version: 25-02-2014
Ran by The Big Kahuna (administrator) on 02-03-2014 at 14:04:58
Running from "G:\Torrents"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 05:15] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
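
The second scan was requested to see whether anything had changed since the first. The following is an added example, not part of the thread and not Farbar's own code, that parses two Farbar Service Scanner logs and reports which service findings differ. The sample input is abridged from the two logs posted here, and the function names are this example's own.

```python
import re

# Constructed input: abridged from the 08:00 and 14:04 Farbar logs in this thread.
RUN_0800 = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
"""
# In the lines excerpted here, the 14:04 log differs only in the WinDefend start type.
RUN_1404 = RUN_0800.replace(
    "The start type of WinDefend service is OK.",
    "The start type of WinDefend service is set to Demand. The default start type is Auto.")

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+) service is (.+?)\.?$")
ATTENTION = re.compile(r"^Checking (\w+): ATTENTION!=====> (.+)$")

def parse_fss(log):
    """Map (service, attribute) -> reported value for one scanner log."""
    findings = {}
    for line in map(str.strip, log.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings[(m[1].lower(), "state")] = "not running"
        elif m := CONFIG.match(line):
            findings[(m[2].lower(), m[1])] = m[3]
        elif m := ATTENTION.match(line):
            findings[(m[1].lower(), "attention")] = m[2]
    return findings

def changed(before, after):
    """Sorted (service, attribute, old, new) for every finding that differs."""
    old, new = parse_fss(before), parse_fss(after)
    return sorted((svc, attr, old.get((svc, attr)), new.get((svc, attr)))
                  for svc, attr in old.keys() | new.keys()
                  if old.get((svc, attr)) != new.get((svc, attr)))

def not_running(log):
    """Services the scanner reported as stopped."""
    return sorted(svc for svc, attr in parse_fss(log) if attr == "state")

if __name__ == "__main__":
    print("still stopped:", not_running(RUN_1404))
    for svc, attr, old, new in changed(RUN_0800, RUN_1404):
        print(f"{svc} {attr}: {old!r} -> {new!r}")
```

A finding that disappears between runs, such as a service that has started, shows up with `None` as its new value.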
 


NoelDP

Three-Toed Sloth
Vista Guru
(ANOTHER missive got lost in the post! <grrrr>)

I forgot that in Vista, the bfe registry entry is rather large.

Please try this command instead - in an Elevated Command Prompt...

REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\BFE /S >%userprofile%\desktop\npbfe.txt
REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE /S >>%userprofile%\desktop\npbfe.txt

This will create a new file on your desktop - npbfe.txt - please upload it to your response.
 

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\BFE /S >%us
erprofile%\desktop\npbfe.txt
ERROR: Invalid syntax.
Type "REG QUERY /?" for usage.

C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE
/S >>%userprofile%\desktop\npbfe.txt
ERROR: Invalid syntax.
Type "REG QUERY /?" for usage.

C:\Windows\system32>
 


NoelDP

Three-Toed Sloth
Vista Guru
:confused: Dunno what's happened there - the commands work fine here in both Vista and Win7 :confused:

The only thing I can think of is user profile problems.

Please run the following commands, and post the results....

REG QUERY HKU
REG QUERY HKCU\Environment
REG QUERY "HKCU\Volatile Environment" /S
 

C:\Windows\system32>REG QUERY HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-3039776163-4018052416-644031538-1000
HKEY_USERS\S-1-5-21-3039776163-4018052416-644031538-1000_Classes
HKEY_USERS\S-1-5-21-3039776163-4018052416-644031538-1001
HKEY_USERS\S-1-5-21-3039776163-4018052416-644031538-1001_Classes
HKEY_USERS\S-1-5-18

C:\Windows\system32>REG QUERY HKCU\Environment

HKEY_CURRENT_USER\Environment
TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp
TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp
path REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Windows Live


C:\Windows\system32>REG QUERY "HKCU\Volatile Environment" /S

HKEY_CURRENT_USER\Volatile Environment
LOGONSERVER REG_SZ \\ADRIANJONES-PC
USERDOMAIN REG_SZ AdrianJones-PC
USERNAME REG_SZ Adrian Jones
USERPROFILE REG_SZ C:\Users\Adrian Jones
HOMEPATH REG_SZ \Users\Adrian Jones
HOMEDRIVE REG_SZ C:
APPDATA REG_SZ C:\Users\Adrian Jones\AppData\Roaming
LOCALAPPDATA REG_SZ C:\Users\Adrian Jones\AppData\Local

HKEY_CURRENT_USER\Volatile Environment\1
SESSIONNAME REG_SZ Console
CLIENTNAME REG_SZ


C:\Windows\system32>
 


NoelDP

Three-Toed Sloth
Vista Guru
I'm not sure what service it's talking about there - there are a number of possibilities....

Let's have a look at the event logs.

Open Event Viewer.
Click on the Windows Logs entry in the left pane to expand it.

Now click on the Application entry - wait while it loads.
Click on 'File' in the menu bar and select Save...

Save the file as Appevt.evtx

Repeat for the System log,
then zip both, and upload them.

 


NoelDP

Three-Toed Sloth
Vista Guru
Here's the obvious error that impacts a LOT of other things...

The Base Filtering Engine service terminated with the following error: Access is denied.

I'm surprised that there aren't more complaints as a result in the log.

I think that's the problem we need to focus on.

Please open Regedit (carefully - errors in there can be fatal!)

Navigate in the left pane to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and expand the branch

Look for the BFE entry and right-click on it - select Permissions
What are its permissions settings for each named user?
Close the Permissions popup, then have a look at the key itself
Can you navigate freely through its subkeys?
 
